Enterprises today face a multitude of challenges related to the privacy and protection of consumer, employee and partner data. Globalisation of data, centralised technology architectures, outsourcing, off-shoring, conflicting cultural expectations, government security concerns, national trade issues, distribution and supply chain demands, regulatory and contractual requirements all continue to influence the corporate use of personal data. Organisations should recognise that personal data is an increasingly valuable and complex asset requiring strategic decisions of senior management to effectively meet both the challenges and opportunities in the emerging global information economy.
Legislation and mounting public pressure require that enterprises establish appropriate policies and procedures to adequately protect the various forms of data that are part of their everyday business operations. Without a holistic privacy programme to strategically define and address data privacy and protection issues, your organisation may be exposed to legal liabilities and potential brand issues. Multinational organisations face particularly complex privacy compliance issues, primarily stemming from the flow of data across country borders. Multinationals must understand and comply with the data privacy and protection requirements of the countries through which their data passes. This is often accomplished through a detailed reconciliation of the laws across the multiple countries.
Developing an enterprise trust strategy and privacy stance, and successfully integrating it into your organisation, is a complex process. It is important to evaluate business requirements, associated costs, actual and potential use, return on investment, market relationships and, most important, brand alignment in developing your strategy for personal data. This process requires a broad multidisciplinary approach that considers each business function within your organisation.
Deloitte can help you protect consumer, employee and partner data through the implementation of an enterprise-wide privacy program. We have developed a risk-based approach and methodology to help with the many facets of an enterprise privacy programme. This methodology incorporates the development of a privacy strategy, rationalised privacy requirements, an enterprise inventory of personal data, data classification schemes, policies and procedures, training and awareness, and programs for ongoing verification and evaluation processes.
Please do not hesitate to contact a member of our ERS team with any queries you might have.